[PATCH u-boot v2019.04-aspeed-openbmc v2] aspeed: add CONFIG_ASPEED_ENABLE_BACKDOORS
Zev Weiss
zev at bewilderbeest.net
Fri Apr 15 08:40:04 AEST 2022
On ast2400 and ast2500 we now default to disabling the various hardware
backdoor interfaces as is done on ast2600, though the Kconfig option can
be set to y to re-enable them if desired for debugging.
This patch is based on a patch by Andrew Jeffery for an older u-boot
branch in the OpenBMC tree for the df-isolate-bmc distro feature flag.
Signed-off-by: Zev Weiss <zev at bewilderbeest.net>
---
I've tested this on both ast2500 and ast2400, with the slight caveat
that the only ast2400 hardware I have is a hostless (BMC-only) system.
Changes since v1 [0]:
- extended to cover ast2400
- inverted sense of Kconfig option, default (n) is now secure mode
- renamed some register/bit macros more appropriately
[0] https://lore.kernel.org/openbmc/20220414040448.27100-1-zev@bewilderbeest.net/
arch/arm/include/asm/arch-aspeed/platform.h | 7 ++
.../arm/include/asm/arch-aspeed/scu_ast2400.h | 7 ++
.../arm/include/asm/arch-aspeed/scu_ast2500.h | 8 ++
arch/arm/mach-aspeed/Kconfig | 13 ++++
arch/arm/mach-aspeed/ast2400/board_common.c | 68 +++++++++++++++++
arch/arm/mach-aspeed/ast2500/board_common.c | 73 +++++++++++++++++++
6 files changed, 176 insertions(+)
diff --git a/arch/arm/include/asm/arch-aspeed/platform.h b/arch/arm/include/asm/arch-aspeed/platform.h
index f016bdaba3e7..f05747642f38 100644
--- a/arch/arm/include/asm/arch-aspeed/platform.h
+++ b/arch/arm/include/asm/arch-aspeed/platform.h
@@ -15,24 +15,31 @@
/*********************************************************************************/
#if defined(CONFIG_ASPEED_AST2400)
#define ASPEED_MAC_COUNT 2
+#define ASPEED_SDRAM_CTRL 0x1e6e0000
#define ASPEED_HW_STRAP1 0x1e6e2070
#define ASPEED_REVISION_ID 0x1e6e207C
#define ASPEED_SYS_RESET_CTRL 0x1e6e203C
#define ASPEED_VGA_HANDSHAKE0 0x1e6e2040 /* VGA fuction handshake register */
+#define ASPEED_PCIE_CONFIG_SET 0x1e6e2180
#define ASPEED_DRAM_BASE 0x40000000
#define ASPEED_SRAM_BASE 0x1E720000
+#define ASPEED_LPC_CTRL 0x1e789000
#define ASPEED_SRAM_SIZE 0x8000
#define ASPEED_FMC_CS0_BASE 0x20000000
#elif defined(CONFIG_ASPEED_AST2500)
#define ASPEED_MAC_COUNT 2
+#define ASPEED_SDRAM_CTRL 0x1e6e0000
+#define ASPEED_MISC1_CTRL 0x1e6e202C
#define ASPEED_HW_STRAP1 0x1e6e2070
#define ASPEED_HW_STRAP2 0x1e6e20D0
#define ASPEED_REVISION_ID 0x1e6e207C
#define ASPEED_SYS_RESET_CTRL 0x1e6e203C
#define ASPEED_VGA_HANDSHAKE0 0x1e6e2040 /* VGA fuction handshake register */
+#define ASPEED_PCIE_CONFIG_SET 0x1e6e2180
#define ASPEED_MAC_COUNT 2
#define ASPEED_DRAM_BASE 0x80000000
#define ASPEED_SRAM_BASE 0x1E720000
+#define ASPEED_LPC_CTRL 0x1e789000
#define ASPEED_SRAM_SIZE 0x9000
#define ASPEED_FMC_CS0_BASE 0x20000000
#elif defined(CONFIG_ASPEED_AST2600)
diff --git a/arch/arm/include/asm/arch-aspeed/scu_ast2400.h b/arch/arm/include/asm/arch-aspeed/scu_ast2400.h
index 9c5d96ae84b9..55875fd8312f 100644
--- a/arch/arm/include/asm/arch-aspeed/scu_ast2400.h
+++ b/arch/arm/include/asm/arch-aspeed/scu_ast2400.h
@@ -8,6 +8,7 @@
#define SCU_HWSTRAP_VGAMEM_MASK (3 << SCU_HWSTRAP_VGAMEM_SHIFT)
#define SCU_HWSTRAP_MAC1_RGMII (1 << 6)
#define SCU_HWSTRAP_MAC2_RGMII (1 << 7)
+#define SCU_HWSTRAP_LPC_SIO_DEC_DIS (1 << 20)
#define SCU_HWSTRAP_DDR4 (1 << 24)
#define SCU_HWSTRAP_CLKIN_25MHZ (1 << 23)
@@ -104,6 +105,12 @@
#define SCU_CLKDUTY_RGMII2TXCK_SHIFT 16
#define SCU_CLKDUTY_RGMII2TXCK_MASK (0x7f << SCU_CLKDUTY_RGMII2TXCK_SHIFT)
+#define SCU_PCIE_CONFIG_SET_VGA_MMIO (1 << 1)
+#define SCU_PCIE_CONFIG_SET_BMC_EN (1 << 8)
+#define SCU_PCIE_CONFIG_SET_BMC_MMIO (1 << 9)
+#define SCU_PCIE_CONFIG_SET_BMC_DMA (1 << 14)
+
+
struct ast2400_clk_priv {
struct ast2400_scu *scu;
};
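Review bot: Two consecutive blank lines are added after `SCU_PCIE_CONFIG_SET_BMC_DMA` where one is enough; the matching hunk in scu_ast2500.h separates its groups with single blank lines. Dropping one keeps the two headers parallel and avoids a checkpatch note about multiple blank lines.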
diff --git a/arch/arm/include/asm/arch-aspeed/scu_ast2500.h b/arch/arm/include/asm/arch-aspeed/scu_ast2500.h
index 8fe4028e4ff0..06dc998afaa8 100644
--- a/arch/arm/include/asm/arch-aspeed/scu_ast2500.h
+++ b/arch/arm/include/asm/arch-aspeed/scu_ast2500.h
@@ -11,6 +11,7 @@
#define SCU_HWSTRAP_VGAMEM_MASK (3 << SCU_HWSTRAP_VGAMEM_SHIFT)
#define SCU_HWSTRAP_MAC1_RGMII (1 << 6)
#define SCU_HWSTRAP_MAC2_RGMII (1 << 7)
+#define SCU_HWSTRAP_LPC_SIO_DEC_DIS (1 << 20)
#define SCU_HWSTRAP_DDR4 (1 << 24)
#define SCU_HWSTRAP_CLKIN_25MHZ (1 << 23)
@@ -107,6 +108,13 @@
#define SCU_CLKDUTY_RGMII2TXCK_SHIFT 16
#define SCU_CLKDUTY_RGMII2TXCK_MASK (0x7f << SCU_CLKDUTY_RGMII2TXCK_SHIFT)
+#define SCU_PCIE_CONFIG_SET_VGA_MMIO (1 << 1)
+#define SCU_PCIE_CONFIG_SET_BMC_EN (1 << 8)
+#define SCU_PCIE_CONFIG_SET_BMC_MMIO (1 << 9)
+#define SCU_PCIE_CONFIG_SET_BMC_DMA (1 << 14)
+
+#define SCU_MISC_DEBUG_UART_DISABLE (1 << 10)
+
struct ast2500_clk_priv {
struct ast2500_scu *scu;
};
diff --git a/arch/arm/mach-aspeed/Kconfig b/arch/arm/mach-aspeed/Kconfig
index 579a547df61e..4bbf6fff326d 100644
--- a/arch/arm/mach-aspeed/Kconfig
+++ b/arch/arm/mach-aspeed/Kconfig
@@ -45,6 +45,19 @@ config ASPEED_AST2600
which is enabled by support of LPC and eSPI peripherals.
endchoice
+config ASPEED_ENABLE_BACKDOORS
+ bool "Enable hardware features that provide back-door access to the BMC"
+ depends on ASPEED_AST2400 || ASPEED_AST2500
+ help
+ Aspeed BMCs include a number of hardware features that
+ provide access to BMC internals that is undesirable in
+ production systems for security reasons (iLPC2AHB, P2A,
+ PCIe, debug UART, X-DMA, LPC2AHB), but may be useful for
+ debugging. Say Y here to enable these features for a debug
+ (insecure) build. (This option is not available for the
+ ast2600, on which the backdoors are disabled
+ unconditionally.)
+
config ASPEED_PALLADIUM
bool "Aspeed palladium for simulation"
default n
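Review bot: The help text lists the debug UART among the interfaces this option governs, but only the ast2500 `isolate_bmc()` in this patch touches it (via `SCU_MISC_DEBUG_UART_DISABLE`). The ast2400 copy has no such step, presumably because that SoC lacks the interface. The help should say which interfaces apply to which SoC, so that someone auditing an ast2400 build does not go looking for a missing disable. A sentence such as `(The debug UART applies to the ast2500 only.)` would do, once confirmed against the datasheet.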
diff --git a/arch/arm/mach-aspeed/ast2400/board_common.c b/arch/arm/mach-aspeed/ast2400/board_common.c
index 3829b069342e..10ce7af8c108 100644
--- a/arch/arm/mach-aspeed/ast2400/board_common.c
+++ b/arch/arm/mach-aspeed/ast2400/board_common.c
@@ -4,14 +4,82 @@
#include <ram.h>
#include <timer.h>
#include <asm/io.h>
+#include <asm/arch/platform.h>
+#include <asm/arch/scu_ast2400.h>
#include <asm/arch/timer.h>
#include <linux/err.h>
#include <dm/uclass.h>
DECLARE_GLOBAL_DATA_PTR;
+#if !defined(CONFIG_ASPEED_ENABLE_BACKDOORS)
+#define AST_LPC_HICR5 0x080
+# define LPC_HICR5_ENFWH BIT(10)
+#define AST_LPC_HICRB 0x100
+# define LPC_HICRB_SIO_ILPC2AHB_DIS BIT(6)
+
+#define AST_SDMC_PROTECT 0x00
+# define SDRAM_UNLOCK_KEY 0xfc600309
+#define AST_SDMC_GFX_PROT 0x08
+# define SDMC_GFX_PROT_VGA_CURSOR BIT(0)
+# define SDMC_GFX_PROT_VGA_CG_READ BIT(1)
+# define SDMC_GFX_PROT_VGA_ASCII_READ BIT(2)
+# define SDMC_GFX_PROT_VGA_CRT BIT(3)
+# define SDMC_GFX_PROT_PCIE BIT(16)
+# define SDMC_GFX_PROT_XDMA BIT(17)
+
+static void isolate_bmc(void)
+{
+ bool sdmc_unlocked;
+ u32 val;
+
+ /* iLPC2AHB */
+ val = readl(ASPEED_HW_STRAP1);
+ val |= SCU_HWSTRAP_LPC_SIO_DEC_DIS;
+ writel(val, ASPEED_HW_STRAP1);
+
+ val = readl(ASPEED_LPC_CTRL + AST_LPC_HICRB);
+ val |= LPC_HICRB_SIO_ILPC2AHB_DIS;
+ writel(val, ASPEED_LPC_CTRL + AST_LPC_HICRB);
+
+ /* P2A, PCIe BMC */
+ val = readl(ASPEED_PCIE_CONFIG_SET);
+ val &= ~(SCU_PCIE_CONFIG_SET_BMC_DMA
+ | SCU_PCIE_CONFIG_SET_BMC_MMIO
+ | SCU_PCIE_CONFIG_SET_BMC_EN
+ | SCU_PCIE_CONFIG_SET_VGA_MMIO);
+ writel(val, ASPEED_PCIE_CONFIG_SET);
+
+ /* X-DMA */
+ sdmc_unlocked = readl(ASPEED_SDRAM_CTRL + AST_SDMC_PROTECT);
+ if (!sdmc_unlocked)
+ writel(SDRAM_UNLOCK_KEY, ASPEED_SDRAM_CTRL + AST_SDMC_PROTECT);
+
+ val = readl(ASPEED_SDRAM_CTRL + AST_SDMC_GFX_PROT);
+ val |= (SDMC_GFX_PROT_VGA_CURSOR
+ | SDMC_GFX_PROT_VGA_CG_READ
+ | SDMC_GFX_PROT_VGA_ASCII_READ
+ | SDMC_GFX_PROT_VGA_CRT
+ | SDMC_GFX_PROT_PCIE
+ | SDMC_GFX_PROT_XDMA);
+ writel(val, ASPEED_SDRAM_CTRL + AST_SDMC_GFX_PROT);
+
+ if (!sdmc_unlocked)
+ writel(~SDRAM_UNLOCK_KEY, ASPEED_SDRAM_CTRL + AST_SDMC_PROTECT);
+
+ /* LPC2AHB */
+ val = readl(ASPEED_LPC_CTRL + AST_LPC_HICR5);
+ val &= ~LPC_HICR5_ENFWH;
+ writel(val, ASPEED_LPC_CTRL + AST_LPC_HICR5);
+}
+#endif
+
__weak int board_init(void)
{
+#if !defined(CONFIG_ASPEED_ENABLE_BACKDOORS)
+ isolate_bmc();
+#endif
+
gd->bd->bi_boot_params = CONFIG_SYS_SDRAM_BASE + 0x100;
return 0;
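Review bot: `isolate_bmc()` is called only from the `__weak` `board_init()`, so a board file that provides its own `board_init()` replaces this one and, unless it repeats the call, boots with the interfaces left as the hardware had them even though CONFIG_ASPEED_ENABLE_BACKDOORS is n. The same applies to the ast2500 hunk. Since a secure default is the purpose of the patch, the call would be better placed in an init path that boards cannot override. Failing that, the requirement should at least be documented next to the function, e.g. `/* Boards overriding board_init() must call isolate_bmc() themselves */`, with the function made non-static so they can. Whether any in-tree board overrides `board_init()` is not visible from this patch, and board_init's closing brace lies outside the hunk.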
diff --git a/arch/arm/mach-aspeed/ast2500/board_common.c b/arch/arm/mach-aspeed/ast2500/board_common.c
index ce541e88fb8e..29554011eb38 100644
--- a/arch/arm/mach-aspeed/ast2500/board_common.c
+++ b/arch/arm/mach-aspeed/ast2500/board_common.c
@@ -7,18 +7,91 @@
#include <ram.h>
#include <timer.h>
#include <asm/io.h>
+#include <asm/arch/platform.h>
+#include <asm/arch/scu_ast2500.h>
+#include <asm/arch/sdram_ast2500.h>
#include <asm/arch/timer.h>
#include <linux/err.h>
#include <dm/uclass.h>
DECLARE_GLOBAL_DATA_PTR;
+#if !defined(CONFIG_ASPEED_ENABLE_BACKDOORS)
+#define AST_LPC_HICR5 0x080
+# define LPC_HICR5_ENFWH BIT(10)
+#define AST_LPC_HICRB 0x100
+# define LPC_HICRB_SIO_ILPC2AHB_DIS BIT(6)
+
+# define AST_SDMC_PROTECT 0x00
+# define AST_SDMC_GFX_PROT 0x08
+# define SDMC_GFX_PROT_VGA_CURSOR BIT(0)
+# define SDMC_GFX_PROT_VGA_CG_READ BIT(1)
+# define SDMC_GFX_PROT_VGA_ASCII_READ BIT(2)
+# define SDMC_GFX_PROT_VGA_CRT BIT(3)
+# define SDMC_GFX_PROT_PCIE BIT(16)
+# define SDMC_GFX_PROT_XDMA BIT(17)
+
+static void isolate_bmc(void)
+{
+ bool sdmc_unlocked;
+ u32 val;
+
+ /* iLPC2AHB */
+ val = readl(ASPEED_HW_STRAP1);
+ val |= SCU_HWSTRAP_LPC_SIO_DEC_DIS;
+ writel(val, ASPEED_HW_STRAP1);
+
+ val = readl(ASPEED_LPC_CTRL + AST_LPC_HICRB);
+ val |= LPC_HICRB_SIO_ILPC2AHB_DIS;
+ writel(val, ASPEED_LPC_CTRL + AST_LPC_HICRB);
+
+ /* P2A, PCIe BMC */
+ val = readl(ASPEED_PCIE_CONFIG_SET);
+ val &= ~(SCU_PCIE_CONFIG_SET_BMC_DMA
+ | SCU_PCIE_CONFIG_SET_BMC_MMIO
+ | SCU_PCIE_CONFIG_SET_BMC_EN
+ | SCU_PCIE_CONFIG_SET_VGA_MMIO);
+ writel(val, ASPEED_PCIE_CONFIG_SET);
+
+ /* Debug UART */
+ val = readl(ASPEED_MISC1_CTRL);
+ val |= SCU_MISC_DEBUG_UART_DISABLE;
+ writel(val, ASPEED_MISC1_CTRL);
+
+ /* X-DMA */
+ sdmc_unlocked = readl(ASPEED_SDRAM_CTRL + AST_SDMC_PROTECT);
+ if (!sdmc_unlocked)
+ writel(SDRAM_UNLOCK_KEY, ASPEED_SDRAM_CTRL + AST_SDMC_PROTECT);
+
+ val = readl(ASPEED_SDRAM_CTRL + AST_SDMC_GFX_PROT);
+ val |= (SDMC_GFX_PROT_VGA_CURSOR
+ | SDMC_GFX_PROT_VGA_CG_READ
+ | SDMC_GFX_PROT_VGA_ASCII_READ
+ | SDMC_GFX_PROT_VGA_CRT
+ | SDMC_GFX_PROT_PCIE
+ | SDMC_GFX_PROT_XDMA);
+ writel(val, ASPEED_SDRAM_CTRL + AST_SDMC_GFX_PROT);
+
+ if (!sdmc_unlocked)
+ writel(~SDRAM_UNLOCK_KEY, ASPEED_SDRAM_CTRL + AST_SDMC_PROTECT);
+
+ /* LPC2AHB */
+ val = readl(ASPEED_LPC_CTRL + AST_LPC_HICR5);
+ val &= ~LPC_HICR5_ENFWH;
+ writel(val, ASPEED_LPC_CTRL + AST_LPC_HICR5);
+}
+#endif
+
__weak int board_init(void)
{
struct udevice *dev;
int i;
int ret;
+#if !defined(CONFIG_ASPEED_ENABLE_BACKDOORS)
+ isolate_bmc();
+#endif
+
gd->bd->bi_boot_params = CONFIG_SYS_SDRAM_BASE + 0x100;
/*
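Review bot: `isolate_bmc()` returns void and never confirms that its writes took effect. The SDMC block checks and restores the lock state, but the SCU writes (`ASPEED_HW_STRAP1`, `ASPEED_PCIE_CONFIG_SET`, `ASPEED_MISC1_CTRL`) assume the SCU is already writable at this point. If that assumption were ever false, the writes would presumably be dropped and the board would come up with the interfaces enabled and no indication of it. Reading each register back and warning on a mismatch, e.g. `if (!(readl(ASPEED_MISC1_CTRL) & SCU_MISC_DEBUG_UART_DISABLE)) printf("WARNING: debug UART still enabled\n");`, would make a failed lockdown visible in the boot log. The ast2400 copy has the same shape, and board_init continues past the end of this hunk.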
--
2.35.1